6.2
CVE-2024-45039 - gnark's Groth16 commitment extension unsound for more than one commitment
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-nativ…
5.9
CVE-2024-45040 - gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affe…
9.2
CVE-2024-1744 - IDOR in Ariva Computer's Accord ORS
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1.
4.3
CVE-2024-8427 - Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Author…
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes…
6.4
CVE-2024-8317 - WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Sc…
The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad_alignment' attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w…
9.8
CVE-2024-8292 - WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to…
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to the plugin not properly verifying a user's identity during new order creation. This makes it possible for u…
7.2
CVE-2024-7349 - LifterLMS <= 7.7.5 - Authenticated (Admin+) SQL Injection
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist…
3.5
CVE-2024-6792 - WP ULike < 4.7.2.1 - Subscriber+ Stored-XSS
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.
7.9
CVE-2024-39585 -
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.
7.5
CVE-2024-38486 -
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to…